Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3293
Views
0
Helpful
1
Replies

Content Filter scanning message body and attachment content - Which attachments scanable?

RjWhaling
Level 1
Level 1

‎06-14-2013 11:48 AM

I have been looking everywhere for what seems to be pretty basic information for can't seem to find it.

We have an incoming content filter set up which is looking for content in both message body and attachments. I've been asked by the project manager to list which attachment types will be scanned for this content so I'm looking for a list of either the file types or description of which file types can be scanned by content filters. They have been testing with the usual types such as txt, PDF, Word, Excel but are asking if files such as MS-Project, OneNote, and so forth are scanned as well.

Seems like the types listed in Attachment File Info within the Documents and Text categories is probably what I'm looking for but figured I would ask if there a blurb somewhere in the documentation that would provide the information the pm is looking for.

Thanks.

Labels:
0 Helpful
1 Reply 1

Luis Silva Benavides
Cisco Employee
Cisco Employee

‎06-27-2013 06:20 AM

Hi Rebecca,

I don't think we have a list of scannable attachment types but maybe this can help you out a little bit.

"There are a few ways that the ESA can identify attachments, and you’ll likely want to use

more than one approach combined:

■  Filename: ESA compares the filenames reported in the MIME part for each attach

ment against the regular expression that you supply. Because this matches against

the filename supplied in the message itself, it will not recognize files correctly if the

sender modified the filename. For example, if a win32 executable has been renamed

“photo.jpg,” a regular expression \.exe will not detect it.

■  File type: The ESA decodes the attachments and compares the file to a database of

known magic numbersthat identify many common file types. Because this identi

fication compares the bytes of the attachment, it will detect attachments that have

been renamed.

■  File MIME type: This is the file type as reported in the email MIME headers. It

consists of a general type and a specific type indicator, like audio/mp3or text/

html. Many binary attachments will use a generic type of application/octet-stream

limiting the use of filters to stop attachments by MIME type. You can specify rules

with wildcards, like video/*, which will match any general MIME type that starts

with video."

Taken from: Email Security with Cisco Ironport (Cisco Press)

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva
0 Helpful
Customers Also Viewed These Support Documents